Mozilla Firefox 138.0.4 fixes two critical security issues in the browser (ESR affected as well)

Mozilla released a critical security update for its open source Firefox web browser that addresses two security issues used during the Pwn2Own Berlin 2025 security event to exploit the browser.
The details:
- The two security issues have a severity rating of critical.
- They were successfully exploited during the 2025 Berlin Pwn2Own event.
- Updates are available for Firefox Stable and Firefox ESR.
Firefox users who run the stable version of the web browser are encouraged to install the update to Firefox 138.0.4 as soon as possible to protect their data from potential attacks targeting the vulnerabilities. Considering that the exploits have been demonstrated successfully during the event, it is possible that malware actors will replicate them.
Both Firefox ESR (Extended Support Release) versions are also affected. Mozilla maintains two ESR branches at the moment, one for older operating systems, such as Windows 7, and the other for current operating systems, such as Windows 10 and 11.
Most Firefox installations should install the update automatically. Firefox users may speed up the installation by selecting Menu > Help > About Firefox. This should download and install the update on desktop operating systems immediately.
Here is the list of Firefox versions after the installation of the update:
- Firefox Stable: 138.0.4
- Firefox 115 ESR: 115.23.1
- Firefox 128 ESR: 128.10.1
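For administrators who track more than one machine, the version list above can be turned into an inventory check. The following is an added example, not code from Mozilla or gHacks; it assumes version strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix, and the host names and inventory are constructed sample data.

```python
import re

# Fixed versions as listed in the article.
FIXED_STABLE = (138, 0, 4)
FIXED_ESR = {115: (115, 23, 1), 128: (128, 10, 1)}

# Assumed format: "Mozilla Firefox 138.0.4" or "Mozilla Firefox 128.10.1esr".
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4) is not None


def assess(text):
    """Classify one version string against the fixed releases."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"  # e.g. beta or nightly strings; review by hand
    version, is_esr = parsed
    if is_esr:
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unknown-esr-branch"  # ESR branch not covered by the article
        return "fixed" if version >= fixed else "needs-update"
    return "fixed" if version >= FIXED_STABLE else "needs-update"


def audit(inventory):
    """Map each host in {host: version_string} to its status."""
    return {host: assess(raw) for host, raw in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts).
    sample = {
        "desk-01": "Mozilla Firefox 138.0.3",
        "desk-02": "Mozilla Firefox 138.0.4",
        "kiosk-07": "Mozilla Firefox 115.23.0esr",
        "lab-03": "Mozilla Firefox 128.10.1esr",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```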
Two critical security issues in Firefox
Mozilla lists the two fixed security issues on the official security advisory website of the Firefox web browser. Both have a critical severity rating, which is the highest rating available.
- CVE-2025-4920: Out-of-bounds access when resolving Promise objects -- An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
- CVE-2025-4921: Out-of-bounds access when optimizing linear sums -- An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
The next major release of the Firefox web browser is Firefox 139 Stable. Firefox 115.24 ESR and Firefox 128.11 ESR will also be released on the same day.
Now You: how do you handle updates of your favorite browser?
Thank you for being a Ghacks reader. The post Mozilla Firefox 138.0.4 fixes two critical security issues in the browser (ESR affected as well) appeared first on gHacks Technology News.